The GRIT Ransomware Annual Report 2023 offers a comprehensive overview of the evolving ransomware landscape. This detailed report not only analyzes the surge in ransomware attacks but also delves into the intricate workings and strategies of various ransomware groups.
2023 witnessed an alarming increase in ransomware activities, almost doubling the previous year’s figures. In total, GRIT observed 63 distinct ransomware groups leverage encryption, data exfiltration, data extortion, and other novel tactics to compromise and publicly post 4,519 victims across all 30 of GRIT’s tracked industries, and in 120 countries. This escalation is partly attributed to mass exploitation campaigns that affected hundreds of organizations.
The United States emerged as the most affected country, with about half of all observed attacks taking place there. Among posted victims, 2,199 were US-based organizations, accounting for 49% of all observed ransomware attacks in 2023. The report notes a concentration of attacks in North America and Europe, with industries like manufacturing and technology bearing the brunt of these incursions. The same “top ten” most impacted countries were home to 76% of all observed victim organizations, of which 27% were in non-US countries.
The year saw ransomware groups leveraging a mix of old and new tactics, including data exfiltration and extortion. Established groups continued to dominate in terms of victim count, though emerging and ephemeral groups also made their presence felt. Interestingly, the report highlights a shift towards data extortion operations, indicating a blurring line between traditional ransomware attacks and other forms of cyber extortion.
“While mass exploitation campaigns contributed substantially to this large increase, we saw a significant increase in ransomware activity overall,” said Drew Schmitt, Practice Lead, GRIT. “New entrants in the ransomware ecosystem had repeated opportunities either through reduced technical barriers such as the recycling of leaked ransomware builders and commodity malware, or the recycling of previously leaked data for attempted re-extortion and claims of attacks that never were.”
The report touches upon significant law enforcement disruptions, including the takedown of a major group’s dark web leak site. Additionally, the release of public decryptors for certain ransomware strains had a notable impact on the operations of those groups, compelling them to alter their tactics.
The GRIT Ransomware Annual Report 2023 concludes with a forward-looking perspective, anticipating continued evolution in ransomware tactics and perhaps an increase in the use of novel coercive techniques by these groups. The report serves as a crucial resource for understanding the current state of ransomware and preparing for future cybersecurity challenges.